Social Media Usage Increases Cyber Risks – A Competing Point of View?

This post is the last in a series of three addressing recent social media surveys. If you recall, last week we discussed the findings of a new survey conducted by TELUS and the Rotman School of Management. That survey concluded that an outright ban on social media usage increased a business’ risk for cyber intrusion by approximately 30 percent. (A New Twist on Business Security – Banning Social Media Can Increase Security Breaches?) Well, as you may know, there really is no definitive answer to the question of how much access employees should be given to social media. Case in point, another study conducted in July 2011 by Ponemon Institute, a research firm, and Websense, Inc., concluded that as a company’s social media usage increased so too did the firm’s risk for viruses and malware. Don’t these two surveys appear to conflict?

The Ponemon study, as reported in Bloomberg Law, Facebook, Twitter Increases Companies’ Security Risks, found that more than one-half of the businesses surveyed reported an increase in cyber-attacks as a result of employees’ usage of social media networks. Approximately 25 percent of the companies experienced a 50 percent increase in attacks. What drove the results of the Ponemon and Websense survey? The global study reported that as social media usage played a larger role in a business’ practice, many organizations found themselves ill-equipped to deal with the accompanying security risks. Researchers discovered that only 35 percent of the firms worldwide had a social media usage policy in place, and of those with a policy, only 35 percent enforced it.

“A lot of the organizations still didn’t have an acceptable use policy,” said Larry Ponemon, chairman and founder of Ponemon Institute. Of those businesses with a usage policy in place, Mr. Ponemon told Bloomberg Law that “a policy that isn’t vigorously enforced isn’t meaningful.” As co-author Norah Olson Bluvshtein noted about social media training (only 27% reported conducting social media training for employees) in her post New Statistics on Social Media At Work – Who’s Using It and Is It Effective? – employers still have a long way to go on implementing appropriate and effective policies.

How did most of the attacks reported in the Ponemon study occur? The study found that the attacks were “socially engineered driven” – Bloomberg called it the “click-trick.” What does that mean exactly? Patrick Runald, a researcher at Websense, Inc., explained that users may be enticed to click on a video pop-up, for example, “which takes you to a page off of Facebook, where they trick you into downloading something.” With the download come cyber viruses and malware.

So, do the surveys really conflict? No, not really. The Ponemon study simply confirms that a workforce which does not understand the dangers beneath the surface of many legitimate social media network sites poses a great risk to the business’ IT safety. As we discussed last week (A New Twist on Business Security – Banning Social Media Can Increase Security Breaches?), a workforce educated on the importance of cyber security and adherence to legitimate social media usage policies remains the best alternative to protect a business’ IT future. That means not just a companywide review of the company’s cyber security policies, but a discussion with the employees of how, why and where the security breaches occur, along with a demonstration of how things like the “click-trick” work in the cyber-world and of how the malicious packages are simply waiting for the uneducated worker to download their viruses or malware.

We may sound a bit like a broken record here, but we have often preached that sound social media policies, a workforce educated about the importance of cyber security, and vigilance in the appropriate use of social media will put a company’s security risks in check. I believe the two studies discussed support this important point.

Disclaimer

THIS WEBSITE DOES NOT PROVIDE LEGAL ADVICE. The materials on this website have been prepared by Fredrikson & Byron, P.A. for informational purposes only. Accessing this website is a request for information and does not create an attorney-client relationship between any user and Fredrikson & Byron, its attorneys, or the authors of this site. The opinions expressed on this site are those of the author(s), and do not represent the opinions of Fredrikson & Byron.